| Age | Commit message (Collapse) | Author |
|---|
|
Add basic VRF (virtual routing and forwarding) support. Protocols can be
associated with VRFs, such protocols will be restricted to interfaces
assigned to the VRF (as reported by Linux kernel) and will use sockets
bound to the VRF. E.g., different multihop BGP instances can use diffent
kernel routing tables to handle BGP TCP connections.
The VRF support is preliminary, currently there are several limitations:
- Recent Linux kernels (4.11) do not handle correctly sockets bound
to interaces that are part of VRF, so most protocols other than multihop
BGP do not work. This will be fixed by future kernel versions.
- Neighbor cache ignores VRFs. Breaks config with the same prefix on
local interfaces in different VRFs. Not much problem as single hop
protocols do not work anyways.
- Olock code ignores VRFs. Breaks config with multiple BGP peers with the
same IP address in different VRFs.
- Incoming BGP connections are not dispatched according to VRFs.
Breaks config with multiple BGP peers with the same IP address in
different VRFs. Perhaps we would need some kernel API to read VRF of
incoming connection? Or probably use multiple listening sockets in
int-new branch.
- We should handle master VRF interface up/down events and perhaps
disable associated protocols when VRF goes down. Or at least disable
associated interfaces.
- Also we should check if the master iface is really VRF iface and
not some other kind of master iface.
- BFD session request dispatch should be aware of VRFs.
- Perhaps kernel protocol should read default kernel table ID from VRF
iface so it is not necessary to configure it.
- Perhaps we should have per-VRF default table.
|
|
The variable nfa is not cleaned before each loop iteration and can have
a wrong value of nfa.nhs_reuse from the previous step.
Thanks to Bernardo Figueiredo for the bugreport and analysis.
|
|
Stubnet nodes in OSPF FIB were removed during rt_sync(), but the pointer
remained in top_hash_entry.nf, so net-summary LSA origination was
confused, reported 'LSA ID collision' and net-summary LSAs were not
originated properly.
Thanks to Naveen Chowdary Yerramneni for bugreport and analysis.
|
|
|
|
Based on former commit from Pavel Tvrdik
|
|
Add generic interface for generating and verifying MACs (message
authentication codes). Replace multiple HMAC implementation with
a generic one.
|
|
There are several unresolved -Wmissing-field-initializers on older
versions of GCC than 5.1, all of them false positive.
|
|
|
|
After restart, LSAs locally originated by the previous instance are
received from neighbors. They are installed to LSA db and flushed. If
export of a route triggers origination of a new external LSA before flush
of the received one is complete, the check in ospf_originate_lsa() causes
origination to fail (because en->nf is NULL for the old LSA and non-NULL
for the new LSA). The patch fixes this by updating the en->nf for LSAs
being flushed (as is already done for empty ones). Generally, en->nf
field deserves some better description in the code.
Thanks to Jigar Mehta for analyzing the problem.
|
|
Thanks to Pavel Tvrdik for noticing it.
|
|
|
|
|
|
|
|
The new RIP implementation fixes plenty of old bugs and also adds support
for many new features: ECMP support, link state support, BFD support,
configurable split horizon and more. Most options are now per-interface.
|
|
Thanks to Bernardo Figueiredo and Israel G. Lugo for the bugreport.
|
|
The patch adds suport for specifying route attributes together with
static routes, e.g.:
route 10.1.1.0/24 via 10.0.0.1 { krt_advmss = 1200; ospf_metric1 = 100; };
|
|
|
|
|
|
|
|
New LSA checksumming code separates generic Fletcher-16 and OSPF-specific
code and avoids back and forth endianity conversions, making it much more
readable and also several times faster.
|
|
Prior to this patch, BIRD validates the OSPF LSA checksum by calculating
a new checksum and comparing it with the checksum in the header. Due to
the specifics of the Fletcher checksum used in OSPF, this is not
necessarily correct as the checkbytes in the header may be calculated via
a different means and end up with a different value that is nonetheless
still correct.
The documented means of validating the checksum as specified in RFC 905
B.4 is to calculate c0 and c1 from the unchanged contents of the packet,
which must result in a zero value to be considered valid.
Thanks to Chris Boot for the patch.
|
|
The bug caused that received external LSAs with locally reachable
next hops were ignored. I wonder why nobody noticed it sooner.
|
|
|
|
Make proto_config_new() use this info instead of supplied size.
Thanks to Alexander V. Chernikov for the patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes cases where the same network or external route are propagated by
several OSPF routes and some other corner cases in next hop construction
and ECMP. Allows to specify whether external routes should be merged.
Thanks to Peter Christensen for the original patch.
|
|
Thanks to Aleksey Berezin for the bugreport.
|
|
Thanks to Ondrej Caletka for the bugreport.
|
|
|
|
I/O:
- BSD: specify src addr on IP sockets by IP_HDRINCL
- BSD: specify src addr on UDP sockets by IP_SENDSRCADDR
- Linux: specify src addr on IP/UDP sockets by IP_PKTINFO
- IPv6: specify src addr on IP/UDP sockets by IPV6_PKTINFO
- Alternative SKF_BIND flag for binding to IP address
- Allows IP/UDP sockets without tx_hook, on these
sockets a packet is discarded when TX queue is full
- Use consistently SOL_ for socket layer values.
OSPF:
- Packet src addr is always explicitly set
- Support for secondary addresses in BSD
- Dynamic RX/TX buffers
- Fixes some minor buffer overruns
- Interface option 'tx length'
- Names for vlink pseudoifaces (vlinkX)
- Vlinks use separate socket for TX
- Vlinks do not use fixed associated iface
- Fixes TTL for direct unicast packets
- Fixes DONTROUTE for OSPF sockets
- Use ifa->ifname instead of ifa->iface->name
|
|
|
|
|
|
Conflicts:
filter/filter.c
nest/proto.c
nest/rt-table.c
proto/bgp/bgp.h
proto/bgp/config.Y
|
|
|
|
|
|
|
|
Supports OSPF and BGP and also statically configured sessions.
|
|
Thanks to Pierre Pfister for the patch.
|
|
Thanks to Sergey Popovich for the patch.
|
|
Now it compiles and mostly works.
|
|
Chernikov
|
